<?php
// post new topic (get value from UI, add to database)
//
// digiboard by digitalboom.org
// http://www.digitalboom.org
//
// Information Technology program
// Sirindhorn International Institute of Technology
// Thammasat University, Rangsit Campus
// http://www.siit.tu.ac.th
//
// authors xx, BiGGA, sea
// first created on: 2001 Jun xx
// last modified on: 2008 Jul 13 by sea
//
// ip retrieving code by mhz

// captcha verification
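// ---------------------------------------------------------------------------
// CAPTCHA state
//
// The expected answer lives only in the session. It is read before any
// request field so nothing the client sends can replace it (the original
// script later ran extract($_POST)/extract($_GET), which let a request
// parameter named "string" overwrite this value and bypass the CAPTCHA).
// ---------------------------------------------------------------------------
session_start();
$string     = (isset($_SESSION['string']) && is_string($_SESSION['string']))
    ? strtoupper($_SESSION['string']) : "";
$typestring = (isset($_POST['userstring']) && is_string($_POST['userstring']))
    ? strtoupper($_POST['userstring']) : "";

include_once("settings/config.inc.php");
include_once("settings/accounts.inc.php");
include_once("lib/util.inc.php");
include_once("lib/users_function.inc.php");
include_once("lib/sh.inc.php");
include_once("lib/spam_check.inc.php");
include_once("lib/list_util.inc.php");
include_once("captcha/settings.php");
global $db_link, $DGB;

if (!function_exists('dgb_request_field')) {
    /**
     * Return one request field as a trimmed string.
     *
     * $_GET takes precedence over $_POST, which is the order the original
     * extract() calls produced. A missing field or a non-string value (an
     * array sent as field[]=...) yields "" so trim() never warns.
     *
     * @param string $name        request parameter name
     * @param bool   $rtrim_only  strip trailing whitespace only (message body)
     * @return string
     */
    function dgb_request_field($name, $rtrim_only = false)
    {
        if (isset($_GET[$name])) {
            $value = $_GET[$name];
        } elseif (isset($_POST[$name])) {
            $value = $_POST[$name];
        } else {
            return "";
        }
        if (!is_string($value)) {
            return "";
        }
        return $rtrim_only ? rtrim($value) : trim($value);
    }
}

// client's ip address
// Only REMOTE_ADDR is set by the server. HTTP_CLIENT_IP and
// HTTP_X_FORWARDED_FOR are request headers the client chooses freely; they
// are stored for reference but must be escaped and never trusted on their
// own. (The original took $ip from $REMOTE_ADDR, which extract() let a
// request parameter override.)
$ip          = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : "";
$ip_client   = (string) getenv("HTTP_CLIENT_IP");     // false -> "" when absent
$ip_xforward = (string) getenv("HTTP_X_FORWARDED_FOR");
$ip_remote   = (string) getenv("REMOTE_ADDR");

// prepare input for database
$ok = true;

$meta_reload = "";
$html_title  = "";
$html_msg    = "";   // HTML fragment; the template below echoes it unescaped

// forum_id is used in SQL and reflected into the page, so it is an int here.
// Anything non-numeric becomes 0 and fails the "< 1" check below.
$forum_id  = (int) dgb_request_field("forum_id");
$msgname   = dgb_request_field("msgname");
$msgby     = dgb_request_field("msgby");
$msgdetail = dgb_request_field("msgdetail", true);
$email     = dgb_request_field("email");
$icq       = dgb_request_field("icq");

if ($forum_id < 1) {
    $ok = false;
    $html_msg = "Invalid forum selected.<br>";
}
if ($msgname == "") {
    $ok = false;
    $html_msg = $html_msg."Please enter topic title.<br>";
} else {
    if (isnonsense($msgname)) {
        $html_msg = $html_msg."Please consider revise your topic title. Don't make it too fancy, please.<br>";
        $ok = false;
    }
}

if ($msgby == "") {
    $ok = false;
    $html_msg = $html_msg."Please enter your name.<br>";
}
if ($msgdetail == "") {
    $ok = false;
    $html_msg = $html_msg."Did you forget to type the message?<br>";
}
if (is_spam($msgdetail) || is_spammer($msgby, $icq)) {
    $ok = false;
    $html_msg = $html_msg."Nope, you cannot advertise here.<br><br>We don't wanna get rich by annoying people. We just work hard and believe in hard work. We also don't want 
any 
Xanax or Viagra, unlike your daddy.<br><br>And please do
us a favor: Fuck yourself and get lost!<br><br>";
}

// Captcha checking
// Strict comparison; a session without a CAPTCHA (string shorter than 5
// characters) is rejected as well, so the check cannot be skipped by
// simply never loading the image.
// NOTE(review): a failed attempt leaves $_SESSION['string'] in place, so
// the same challenge can be retried; unset it here if the form regenerates
// the image on reload.
if ($string !== $typestring || strlen($string) <= 4) {
    $ok = false;
    $html_msg = $html_msg."<font color=red>Your CAPTCHA is not correct.</font><br>";
}

if ($ok) {
    // the CAPTCHA answer is single-use: drop the session once it is accepted
    session_destroy();

    // One connection for escaping, CheckUser() and every query below. The
    // original connected only after the INSERT string had been built.
    $db_link = dgb_db_connect();

    // Check User Login
    // NOTE(review): the Password cookie is md5()'d below to match the stored
    // column, i.e. the cookie carries the reusable credential itself rather
    // than a session token. That lives in the accounts/users libraries and is
    // not fixable from this page.
    $cookie_user = (isset($_COOKIE['Username']) && is_string($_COOKIE['Username']))
        ? $_COOKIE['Username'] : "";
    $cookie_pass = (isset($_COOKIE['Password']) && is_string($_COOKIE['Password']))
        ? $_COOKIE['Password'] : "";
    shad2pw($cookie_pass);   // kept from the original; its return value was never used
    $AlreadyLogin = CheckUser($cookie_user, $cookie_pass, $db_link, $DGB['DB_USERS_TABLE']);
    if ($AlreadyLogin == "1") {
        // tag the poster name so the listing can show it as a registered user
        if ($cookie_user === $msgby) {
            $msgby .= "[RegisterUserLogin]";
        } else {
            $msgby .= "($cookie_user [RegisterUserLogin])";
        }
    } else {
        // an anonymous poster must not be able to fake the registered tag
        $msgby = str_replace("[RegisterUserLogin]", "", $msgby);
    }

    // Escape every value that goes into the INSERT (the original escaped
    // only the title, name and body and interpolated email, icq, the IPs
    // and the forum id raw).
    $q_msgname     = mysql_real_escape_string($msgname, $db_link);
    $q_msgby       = mysql_real_escape_string($msgby, $db_link);
    $q_msgdetail   = mysql_real_escape_string($msgdetail, $db_link);
    $q_email       = mysql_real_escape_string($email, $db_link);
    $q_icq         = mysql_real_escape_string($icq, $db_link);
    $q_ip          = mysql_real_escape_string($ip, $db_link);
    $q_ip_client   = mysql_real_escape_string($ip_client, $db_link);
    $q_ip_xforward = mysql_real_escape_string($ip_xforward, $db_link);
    $q_ip_remote   = mysql_real_escape_string($ip_remote, $db_link);
    $q_cookie_user = mysql_real_escape_string($cookie_user, $db_link);

    // board time = server time shifted by the configured offset (hours)
    $NowTimeStamp           = time();
    $NowTimeStamp_Offsetted = $NowTimeStamp - ($DGB["TIME_OFFSET"] * 3600);
    $posttime = date("Y-m-d H:i:s", $NowTimeStamp_Offsetted);

    $query =
        "INSERT INTO ".$DGB['DB_TOPICS_TABLE'].
        " (Forum_ID, PosterName, PosterEmail, PosterICQ, PostTime, AnsTime, IP, Title, Message, IP_Client, IP_Xforward, IP_Remote)  VALUES  ".
        "('$forum_id', '$q_msgby', '$q_email', '$q_icq', '$posttime', '$posttime', '$q_ip', '$q_msgname', '$q_msgdetail', '$q_ip_client', '$q_ip_xforward', '$q_ip_remote')";

    $result = mysql_query($query, $db_link);

    // start update member post/answer stats
    // Only count a topic that was actually stored, and let the database do
    // the increment so two concurrent posts cannot lose a count (the
    // original read the counter, added 1 in PHP and wrote it back before
    // the INSERT had even run).
    if ($result && $AlreadyLogin == "1") {
        $query2 = "UPDATE ".$DGB['DB_USERS_TABLE'].
            " SET TotalTopicPost = COALESCE(TotalTopicPost, 0) + 1".
            " WHERE Username = '$q_cookie_user' AND Password = '".md5($cookie_pass)."'";
        mysql_query($query2, $db_link);
    }
    // end update member post/answer stats

    mysql_close($db_link);

    if ($result) {
        makefeed_list(10, 300);

        // $forum_id is an int, so it is safe inside the href and the meta URL
        $html_title = "Posted";
        $html_msg   = "<b>Message posted.</b><br>".
            "<br><a class=\"linkBtn\" href=\"list.php?forum=$forum_id\">See your message in the webboard</a>";

        $meta_reload =
            "<meta http-equiv=\"refresh\" content=\"3; URL=list.php?forum=$forum_id\">";
    } else {
        $html_title = "Cannot post";
        $html_msg   = "<b>Message was not posted, cannot access database.</b><br>".
            "<br><a class=\"linkBtn\" href=\"javascript: history.back()\">Go back and try again</a>";
    }
} else {
    $html_title = "Not posted";
    $html_msg = $html_msg."<b>Message was not posted.</b><br>".
        "<br><a class=\"linkBtn\" href=\"javascript: history.back()\">Go back to complete it</a>";
}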
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?=$DGB["ENCODING"]?>">
<!-- $meta_reload is either "" or a refresh tag pointing at list.php?forum=...,
     set by the PHP block above on a successful post -->
<?=$meta_reload;?>
<title><?=$html_title;?></title>
<link rel="stylesheet" href="<?=$DGB["STYLESHEET"];?>" type="text/css">
</head>

<body bgcolor="#FFFFEE">
<table width="100%" height="100%" border=0 cellspacing=0 cellpadding=0>
<tr>
<td valign="middle">

<table width="50%" align="center" border=0 cellpadding=1 cellspacing=0 bgcolor="#cccccc">
 <tr>
  <td class="tpInfo"><b>&nbsp;<?=$html_title;?></b></td>
 </tr>
 <tr>
  <td>
   <table width="100%" align="center" border="0" bgcolor="#fefefe">
    <tr class="tpMsg" align="center">
     <td>
      <!-- $html_msg is an HTML fragment assembled by the PHP above (it
           contains <b>, <br>, <font> and <a> tags), so it is echoed raw on
           purpose. Any request value that ends up in it must be escaped or
           cast where it is appended to $html_msg, never here. -->
      <br><?=$html_msg;?><br>
     </td>
    </tr>
    <tr class="tpPosterInfo" align="right">
     <td>&nbsp;</td>
    </tr>
   </table>
  </td>
 </tr>
</table>
</td>
</tr>
</table>

</body>
</html>


